By Dennis Maida, Jr., Intelligence Manager

At Hetherington Group, we are the force multiplier often required by a Global Security Operations Center (GSOC), Executive Protection Team, or physical security entity to create a defense-in-depth strategy for safeguarding lives, property, and reputation. The ability to do so in a collaborative mannerwith our intelligence professionals serving as the early warning beacon at the outer perimeterhas proven successful time and time again.

Thinking strategically to aid our clients in anticipating and effectively mitigating areas of risk is our charge. As we enter into 2022, we step up to the front line of risk and assess the threat landscape for 2022. In doing so, it quickly becomes apparent that the majority of issues cuts across all business sectors. Whether in the financial, manufacturing, healthcare, or arts and entertainment sectors, we can see the potential impact is formidable even if the who, what, how, and why remain somewhat covert.  

In this 5-part blog series, I review the four most significant threat and risk concerns in the next 6-12 months: U.S. midterm electionsthe Great Resignation; supply chainand COVID-19. Each one is unique, yet there is a connection between them. Check-in with me weekly, as I identify their common threads while digging into each area’s unique risks and challenges.

Forewarned is Forearmed

 “We’re not just fighting a pandemic; we’re fighting an infodemic.”

~ Director-General of the World Health Organization (WHO), Tedros Adhanom Ghebreyesus, 2020

Overview

In the winter of 2020, the world as we know it changed overnight and, as of March 2022, it has yet to return to the “normal” we all remember. The emergence and global spread of COVID-19, having originated in the Wuhan Province of China, brought with it fear, intolerance, false narratives, and chosen ignorance of its existence. The pandemic changed our ways of shopping, working, and enjoying family time at holidays, birthdays, and milestone events. Yet, the pandemic also brought with it a trove of data and information collected, analyzed and disseminated not only by scientists and governments but also by professional and amateur OSINT “analysts” around the globe. Their missions were/are to fact check and challenge the misinformation, deliver hidden gems of data to those who decipher its complexity, and to inform the public through social media and partnering with journalists.

History is flush with occurrences of emerging infectious diseases where the concern of it rising to a pandemic has occurred more often than anyone suspects. Major pandemics and epidemics such as plague, cholera, flu, severe acute respiratory syndrome coronavirus (SARS-CoV) and Middle East respiratory syndrome coronavirus (MERS-CoV) have already afflicted  . It is now common for the world to witness new and emerging infectious diseases. As the global interconnectedness becomes more fluid, it is essential for first responders to observe, orient, decide, and act. As COVID-19 has shown most recently, a disease not before seen has the potential to grow exponentially if preventive measures are delayed.

Meeting the challenges future pandemics are likely to present to us requires a global surveillance system for the rapid detection of viruses and plagues. Key to this surveillance system is global awareness monitoring. That is, the capability to observe and act upon early warning indicators—and misinformation campaigns—using open source collection tools and analytical methods.

The Role of OSINT and Awareness Monitoring

Early in the beginning of the COVID-19 pandemic, it became apparent the official timeline pushed out by China on the origin of the virus was not congruent with that found in official reporting. Local health authorities initially failed to report the coronavirus epidemic, resulting in a delay in reporting it to the WHO until December 31, 2019. From that date through January 3, 2020, 44 cases of pneumonia unattributed to any known virus, was detected by the China Center for Disease Control and Prevention. Two of those cases did not report visiting a seafood market, and there was no other link between them and the rest of the cases. This information, collectively with two other cases of pneumonia, suggests to scientists that the “epidemic originated earlier than December 2019.”[1]

So why does this matter?

Due in part to a noted absence of news reports from December 2019, it is possible, “media reporting was censored; this is supported by what appears to be a retracted news item on December 26.”[2] This was a notable fact found when conducting a retrospective analysis on the origins of the virus. Tactical or operational daily awareness monitoring using, using open-source intelligence is a potential tool to aid early detection, especially where formal surveillance data are lacking. Although these data are not validated, once a signal is detected, it can and should be formally investigated, tested, and validated. The use of open-source epidemic intelligence can supplement conventional surveillance to provide early detection of serious emerging epidemics, especially where official disease surveillance reporting is lacking.[3]

The study of 12 million social media posts in China from November 2019 to March 2020, specifically looking at posts regarding symptoms and diagnosis, found that by doing so, one could predict daily case counts up to a week ahead of government entities.[4] The results demonstrate several positive use cases for global awareness monitoring for key medical terms across social media platforms. The implications of using “force multipliers” in epidemic intelligence are astounding and truly forwarding leaning—providing low cost and time sensitive capabilities to observe and report in near-real time, 24/7/365.

This activity is not without challenges, however. It can be hampered by global restrictions on social media platforms. The platforms also hold some challenges, including the inability to allow software to triage location data. Language barriers can also prove challenging. The human element, however, is the key piece required to make it successful: Risk intelligence analysts triage, review, validate, and interpret the findings and disseminate data to appropriate authorities. These challenges are minuscule however when compared to the hours or days saved in responding to pandemic threats through the integration of open source intelligence tradecraft and awareness monitoring with epidemic intelligence.

OSINT vs Misinformation

The world is suffering from an infodemic—a complex mix of information, disinformation and misinformation—waged on the front lines of open and social media sources. It has been and remains a challenge for public health officials since they need to push guidance to the masses on how to respond to changes in a health crisis. The integration of social media into our everyday lives provides an effective, and at times combative, medium to deliver important information directly to the public in near immediacy.

What’s more, is the infodemic environment exposes everyone to misinformation campaigns designed to undermine faith in government, cause undo panic, and—at worse—incite violence. False social media accounts and news outlets often go unchecked by users and platforms alike. If the sourcing or origins are not challenged, or worse, false posts are shared by high ranking political figures or trusted members of society, the false information becomes rooted in society, is taken as fact, and is the cause of society’s divide.

The use of OSINT in any intelligence endeavor, including battling both a global epi- and info-demic, is only as good as its sources. Whether the source is classified or unclassified the criteria used to determine legitimacy of information remains the same. The operational utility and trust of open source information comes down to timeliness, accuracy, relevancy, and the currency of sources.  OSINT analysts and investigators are on the frontlines battling misinformation campaigns waged across the internet. Their position requires a methodical and often time-consuming approach to counter the misinformation, such as tracing content sourcing, establishing site credibility through its authors and sources, interrogating site domain registrations, and developing link analysis of those involved.

From where I sit, the upside to employing a robust risk intelligence program is palpable. Providing organizational leadership with the oversight and tools to make effective strategic decisions is a must. Stay connected with me and Hg Insights for the next report on Intelligence Risk in 2022.

[1] https://publichealth.jmir.org/2020/3/e18939/

[2] https://publichealth.jmir.org/2020/3/e18939/

[3] Kpozehouen E, Chen X, Zhu M, Macintyre C. Using Open-Source Intelligence to Detect Early Signals of COVID-19 in China: Descriptive Study JMIR Public Health Surveill 2020;6(3):e18939 DOI: 10.2196/18939

[4] https://www.ucdavis.edu/coronavirus/news/sick-posts-social-media-help-early-tracking-covid-19

Mr. Maida joined Hetherington Group in 2021 as Manager of Intelligence. In this senior leadership role, Mr. Maida is responsible for the development of Hg’s Intelligence Center and day-to-day operations for risk monitoring, threat intelligence, and business and cyber support. He is tasked with fostering the growth of Hg’s Intelligence Center and maturing Hg’s Risk Intelligence program directly related to the security and welfare of clients. Prior to joining Hg, Mr. Maida served from 2016-2021 as Principal Lead of Strategic Cyber Intelligence at the Bank of New York Mellon, where he mitigated exposure to cyber vulnerabilities and drove strategic and geopolitical cyber threat intelligence initiatives.